Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
d
defensivedepth
10/19/2020, 8:44 PMWindows Server 2019, Launcher + autoupdate stable. Trying to enroll in Fleet, seeing the folllowing:
caller=level.go:63 level=info caller=extension.go:136 msg="extension interrupted" err="enrolling host: query enrollment details, (even with retries): done trying: query enrollment details: could not query the extension manager client: write field stop error: The pipe is being closed."j
Jason Green
10/21/2020, 7:45 PMStarted getting this, figure it out yet?
d
defensivedepth
10/21/2020, 9:01 PMNot yet - is yours from a fresh install? Stock Launcher / Fleet?
j
Jason Green
10/21/2020, 9:06 PMMine is from so-launcher in SO 2.3.0, same msi worked on other hosts.
d
defensivedepth
10/22/2020, 12:06 PM@seph Have you seen this before?
s
seph
10/22/2020, 12:09 PMno, I don’t think I’ve seen that
I think that’s laucher saying it can’t talk to osquery. More logs might help. Are you running this in the foreground? It’s easier to get debug logs.
Or… A new launcher flag is
debug_log_filej
Jason Green
10/22/2020, 6:31 PMHere's a pastebin with debug on: https://pastebin.com/b3DQ9xdU
Could it be a problem with osquery-extension.exe not properly launching or connecting to the named pipe?
@seph I posted some debug logs, does that give you any more clues?
d
defensivedepth
05/04/2021, 11:16 AMSeeing this error again... Seems to be very intermittent
m
MarkMurdock
05/24/2021, 9:18 PMI am also seeing this error on some Server 2019 VMs. Anyone figure out what was going on?
d
defensivedepth
05/24/2021, 11:35 PM@MarkMurdock Is that with Security Onion?
m
MarkMurdock
05/25/2021, 12:25 AMNo in my case it's FleetDM on Ubuntu 20.04
And Server 2019 with Launcher + autoupdate
s
seph
05/25/2021, 1:56 AMThe error quote here just says launcher couldn’t talk to osquery. But it doesn’t say anything about why. Gotta dig through the prior logs to see what the error might be